Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/851657-044d-47d3-afc9-c3a8375f90f9/1/aTC_FMtzHsZtI14wbnunZmi33Jw.roa
File:                     aTC_FMtzHsZtI14wbnunZmi33Jw.roa (raw, json)
Hash identifier:          wvwgvmerl+Gv6gcyDvl/OWVT3i3Y0FpbzMV8nbDfYyo=
Subject key identifier:   69:30:BF:14:CB:73:1E:C6:6D:23:5E:30:6E:7B:A7:66:68:B7:DC:9C
Certificate issuer:       /CN=57b0d67c49ec12f4f5417038f6dc13c2f93ea765
Certificate serial:       019420681ABD5265139E35A4E0FAD8201274
Authority key identifier: 57:B0:D6:7C:49:EC:12:F4:F5:41:70:38:F6:DC:13:C2:F9:3E:A7:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V7DWfEnsEvT1QXA49twTwvk-p2U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/851657-044d-47d3-afc9-c3a8375f90f9/1/aTC_FMtzHsZtI14wbnunZmi33Jw.roa
Signing time:             Wed 01 Jan 2025 05:48:00 +0000
ROA not before:           Wed 01 Jan 2025 05:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49494
IP address blocks:        193.169.76.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/851657-044d-47d3-afc9-c3a8375f90f9/1/V7DWfEnsEvT1QXA49twTwvk-p2U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/851657-044d-47d3-afc9-c3a8375f90f9/1/V7DWfEnsEvT1QXA49twTwvk-p2U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V7DWfEnsEvT1QXA49twTwvk-p2U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:1a:bd:52:65:13:9e:35:a4:e0:fa:d8:20:12:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57b0d67c49ec12f4f5417038f6dc13c2f93ea765
        Validity
            Not Before: Jan  1 05:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6930bf14cb731ec66d235e306e7ba76668b7dc9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c6:14:0d:5b:7d:29:75:94:58:03:78:63:8b:
                    68:d9:27:d2:95:8f:d6:31:4c:3f:d6:0b:96:55:fe:
                    2a:ea:28:5d:d8:6e:77:38:90:d1:10:81:6b:20:ac:
                    6d:68:9e:80:70:31:63:c0:f5:4f:46:49:62:24:85:
                    f8:f8:9a:71:30:b0:49:18:62:e4:06:f2:ac:91:15:
                    82:cf:6d:97:8c:ea:53:7c:c0:24:99:49:f4:72:ac:
                    c2:6e:f6:ee:43:8c:a3:5d:4e:d7:ed:2c:0b:81:6a:
                    8d:7a:c4:ba:1f:80:41:da:76:9c:97:29:c7:68:b8:
                    3f:0e:05:a6:49:2c:fb:45:ea:0c:22:3d:56:ef:ea:
                    9e:d6:86:c0:00:16:5b:1d:42:21:02:58:21:59:6a:
                    0b:65:47:f8:94:21:24:2b:14:f1:b0:1f:59:e0:0c:
                    fd:27:95:31:5d:ff:77:16:37:cd:49:5b:bd:b1:75:
                    bf:5f:40:ec:e3:7d:29:ad:a7:db:db:33:9b:c3:b5:
                    ff:91:b1:da:0d:28:32:e1:3d:d3:99:1e:05:64:32:
                    f6:06:b1:88:c2:3c:e3:b4:75:62:f8:b4:9b:b5:de:
                    6f:42:f0:5c:0c:07:51:b7:11:4f:fc:29:63:7d:1c:
                    e1:5c:db:29:09:ca:c9:52:f9:f5:b1:ad:16:27:ba:
                    67:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:30:BF:14:CB:73:1E:C6:6D:23:5E:30:6E:7B:A7:66:68:B7:DC:9C
            X509v3 Authority Key Identifier:
                keyid:57:B0:D6:7C:49:EC:12:F4:F5:41:70:38:F6:DC:13:C2:F9:3E:A7:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V7DWfEnsEvT1QXA49twTwvk-p2U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/851657-044d-47d3-afc9-c3a8375f90f9/1/aTC_FMtzHsZtI14wbnunZmi33Jw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/851657-044d-47d3-afc9-c3a8375f90f9/1/V7DWfEnsEvT1QXA49twTwvk-p2U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         14:d7:6d:19:95:4e:36:b0:a7:05:7b:47:6b:0b:d7:ad:d5:47:
         bc:02:ff:14:60:cd:86:5d:2d:71:d1:c3:5e:12:b7:b1:13:d0:
         28:9c:44:8a:68:27:1f:78:2d:10:3f:6e:4b:8e:a1:4c:33:45:
         45:bd:17:98:7e:0d:d7:14:b6:6a:8d:fd:48:ec:ca:05:f0:8f:
         bf:8a:d0:ef:69:05:30:24:cd:e4:56:21:e6:d0:ca:47:d3:41:
         bf:e1:21:2e:64:80:ec:9b:2f:72:4b:80:7d:c7:5d:e3:bc:6f:
         cd:41:12:bc:5e:0d:0d:ce:58:9d:5d:3f:56:7d:f5:1f:3c:9b:
         56:3d:f5:4b:be:cc:e7:f2:b0:66:a8:d9:e7:0b:04:f0:88:e3:
         cd:f9:57:52:39:bd:3c:32:11:06:77:04:07:39:95:fa:3a:1c:
         92:38:98:78:45:13:3e:a3:a2:ea:57:d5:c3:69:78:63:b3:79:
         64:55:e9:fc:56:dd:b4:a0:4f:70:20:e4:4c:57:ff:da:26:5a:
         6b:51:40:9e:6a:a2:09:5d:10:b2:d4:71:c5:bf:d8:0e:c6:42:
         b8:96:a8:74:58:b8:bf:6a:99:5f:b9:8f:dd:1a:13:07:ed:da:
         1f:65:01:b3:2f:97:22:76:3e:24:9a:24:17:bf:e2:9f:bc:07:
         ad:b5:ea:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaBq9UmUTnjWk4PrYIBJ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YjBkNjdjNDllYzEyZjRmNTQxNzAzOGY2ZGMxM2MyZjkz
ZWE3NjUwHhcNMjUwMTAxMDU0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTMwYmYxNGNiNzMxZWM2NmQyMzVlMzA2ZTdiYTc2NjY4YjdkYzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMYUDVt9KXWUWAN4Y4to2SfSlY/W
MUw/1guWVf4q6ihd2G53OJDREIFrIKxtaJ6AcDFjwPVPRkliJIX4+JpxMLBJGGLk
BvKskRWCz22XjOpTfMAkmUn0cqzCbvbuQ4yjXU7X7SwLgWqNesS6H4BB2naclynH
aLg/DgWmSSz7ReoMIj1W7+qe1obAABZbHUIhAlghWWoLZUf4lCEkKxTxsB9Z4Az9
J5UxXf93FjfNSVu9sXW/X0Ds430prafb2zObw7X/kbHaDSgy4T3TmR4FZDL2BrGI
wjzjtHVi+LSbtd5vQvBcDAdRtxFP/CljfRzhXNspCcrJUvn1sa0WJ7pnfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGkwvxTLcx7GbSNeMG57p2Zot9ycMB8GA1UdIwQY
MBaAFFew1nxJ7BL09UFwOPbcE8L5PqdlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjdEV2ZFbnNFdlQxUVhBNDl0d1R3dmstcDJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi84NTE2NTctMDQ0ZC00N2QzLWFmYzkt
YzNhODM3NWY5MGY5LzEvYVRDX0ZNdHpIc1p0STE0d2JudW5abWkzM0p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi84NTE2NTctMDQ0ZC00N2QzLWFmYzktYzNhODM3NWY5MGY5
LzEvVjdEV2ZFbnNFdlQxUVhBNDl0d1R3dmstcDJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwalMMA0G
CSqGSIb3DQEBCwUAA4IBAQAU120ZlU42sKcFe0drC9et1Ue8Av8UYM2GXS1x0cNe
ErexE9AonESKaCcfeC0QP25LjqFMM0VFvReYfg3XFLZqjf1I7MoF8I+/itDvaQUw
JM3kViHm0MpH00G/4SEuZIDsmy9yS4B9x13jvG/NQRK8Xg0NzlidXT9WffUfPJtW
PfVLvszn8rBmqNnnCwTwiOPN+VdSOb08MhEGdwQHOZX6OhySOJh4RRM+o6LqV9XD
aXhjs3lkVen8Vt20oE9wIORMV//aJlprUUCeaqIJXRCy1HHFv9gOxkK4lqh0WLi/
aplfuY/dGhMH7dofZQGzL5cidj4kmiQXv+KfvAetterM
-----END CERTIFICATE-----